APPLICATION FOR PAYMENT CARD MERCHANTS To be completed by Departments that would like to accept payment cards (Visa, Master Card, American Express, Discover cards and Debit cards) as a form of payment for goods and/or services, receipt of donations, non-tuition courses, conferences, seminars, tickets and other approved University related products. Please read Payment Card Processing Policy prior to completing this application to make sure that your Department will be able to comply with all the requirements listed on this University Policy. Application must be submitted to the Controller’s Office, CSC 335. Once the application has been approved, please allow at least four weeks for electronic terminals and eight weeks for web based setup prior to the desired “live” date. The information provided on this application will be used to create an “Information Profile” that will be submitted to our bank, American Express and Discover Business Services to request merchant numbers. For assistance or questions regarding this form, please contact Eva Ramirez at (305) 348-2547. 1. DEPARTMENT NAME: ______________________________________________________________ 2. MERCHANT (LOCATION) NAME: FIU_________________________________________________ Note: The merchant (location) name will appear on your customer’s monthly statements and on the bank statements sent to the Controller’s Office. It will always start with FIU (i.e., FIU Student Financials Office, FIU College of Medicine, FIU SHOPUTS). Maximum number of characters is 24, including spaces. 3. INTERNET ADDRESS: ______________________________________________________________ Note: Internet address is ONLY required if accepting credit cards over the internet (online). 4. MERCHANT (LOCATION) ADDRESS: _________________________________________________ ___________________________________________________________________________________ Note: Merchant address must include Building & Room number. Statements will be mailed to this address. 5. PRIMARY CONTACT: _____________________________ TITLE: ___________________________ 6. TELEPHONE #: ____________________ ALTERNATE TELEPHONE #: ______________________ 7. EMAIL ADDRESS: __________________________ FAX NUMBER: _________________________ Note: Primary contact will be responsible for the overall process of accepting payment cards at this location and must be a full time employee. (OPS or College Work Study employees are not allowed). 8. DATE SUBMITTED: _______________________DESIRED “LIVE” DATE: ____________________ PCI DSS-001 Application for Payment Card Merchants Rev 3-16-2010 Page 1 9. TRANSACTION TYPE TO BE ACCEPTED (Mark with an X): VISA ____ MASTER CARD ____ AMERICAN EXPRESS ____ DISCOVER ____ DEBIT ______ Note: FIU accepts ONLY these four types of credit cards. Debit cards will be processed the same as credit cards. 10. PROCESSING TYPE (Check the type of system currently being used or will be used): POS (Point of Sale) Electronic Terminals ____ Internet (online) ____ Other _____ If other, describe in detail ______________________________________________________________ Current Third Party Vendor, if applicable ___________________________________ (Ex: Cybersource) Note: If not using CyberSource Business Edition, Departments are responsible for submitting the contract/agreement to our Legal Office and making sure that it is forwarded to Division of IT for approval prior to purchasing any software. 11. ESTIMATED ANNUAL CREDIT CARD VOLUME: Annual Dollar Amount $ _______________ Annual Number of transactions ______________ Average Dollar Amount of a Transaction: $ _____________ Note: If assistance with the “estimated annual credit card volume” is needed, please call 7-2662. 12. CHARGEBACK INFORMATION: Mail “Chargebacks” to (Provide name, title, and address including building and room #) Name ______________________________________ Title _____________________________ Address _________________________________________________________________________ Note: Chargebacks are created when a customer disputes a charge. If action is not taken by the merchant within the time frame indicated on the letter, FIU will be charged by the payment card company. A journal entry must be made by the merchant to record such chargeback. If assistance with Chargebacks is needed, please call General Accounting at 7-2052. 13. ACCEPTANCE- POS (Point of Sale) Terminals: If using owned equipment (include vendor or type) _______________________________________ Will you need equipment? If yes, select one from below Terminal/Printer Combo Rental Fee (Dial up connection) $20.00/month Qty __________ Terminal/Printer Combo Purchase (Dial up connection) $275.00 Qty __________ Note: An analogue telephone or fax line must be available. If not available, please contact the UTS Help Desk at 7-2284 to request a price quote from Telecommunications. 14. ACCEPTANCE – INTERNET (ONLINE): PCI DSS-001 Application for Payment Card Merchants Rev 3-16-2010 Page 2 Internet Software Vendor ______________________ (CyberSource Business Edition is recommended) Integration and interface requirements, including any special configuration, implementation or conversion needs (if applicable) __________________________________________________________________ Name of technical contact (required) _____________________________________________________ Email address ____________________________________________ Telephone #________________ Note: A Technical contact is required. Merchants accepting payment cards over the internet must post an “Internet Privacy Policy” and a “Refund Policy” on their web site 15. USE: What is the main purpose of this merchant account? (i.e., registration fees, tuition for non-credit courses, tickets for events) _____________________________________________________________________________ Note: Payment card information must NEVER be shared via email, voice message, or instant message. If information is received by fax, it must be processed and shredded immediately. 16. PROCEDURES: I agree to read and adhere to the procedures provided in the Payment Card Processing Policy. 17. REQUIREMENTS FOR ESTABLISHING A MERCHANT ACCOUNT: Departments are responsible for completing the following forms: a. b. c. d. e. f. Application for Payment Card Merchants Background Check Request Form Employee Statement of Understanding Employee Change Form for Merchant Locations Annual Merchant Questionnaire Cancellation of Merchant Services Departments are responsible for ensuring that employees who will be involved in payment card processing, or have access to such sensitive data, have: a. Reviewed the University’s Payment Card Processing Policy and become familiar with the Payment Card Industry Data Security Standards (PCI DSS). To download the PCI DSS, go to b. Cleared a background check before access to cardholder information is granted. (Department supervisor should complete the “Background Check Request Form” and submit completed form to Human Resources PC234). c. Completed Red Flag Training. Please contact security@fiu.edu to register. d. Obtained access to PeopleSoft. Please contact glmaint@fiu.edu. e. Contacted General Accounting at 7-2050 to obtain the necessary role for payment card journals. f. Completed training on how to create payment card journals. Please contact Julia Cancino. PCI DSS-001 Application for Payment Card Merchants Rev 3-16-2010 Page 3 g. Completed payment card processing training, according to the selected “Approved Method of Payment Card Processing”. The three different approved methods are listed below: 1. Point of Sale Terminal – Training conducted by our bank. Appointment is scheduled by the merchant by calling 1-877-895-2614, option 4, once the equipment has been received. The equipment training is conducted over the telephone. 2. Internet payment card application – Online training is available for Cybersource software. Please visit www.cybersource.com/bankofamerica for any pre-sales support needs including setting-up a test account, access to support documentation, online tutorials and recorded demonstrations. Existing merchants with Customer Support needs may contact Cybersource at 866-501-7958 or "Submit a Question" online at www.cybersource.com/help. Note: If Cybersource Business Edition software is not selected, the contract/agreement with software vendor must be reviewed by our Legal Office and Division of IT prior to purchasing the software and prior to submitting this application to the Controller’s Office. Vendor should be on Visa’s “List of Validated Payment Applications”. Please visit https://www.pcisecuritystandards.org/security_standards/vpa. Merchants will be responsible for visiting this site prior to selecting software. 3. Hosted solution by third-party vendor – Must be PCI DSS compliant and approved by the Division of Information Technology, please contact Donna Day at donna.day@fiu.edu, Ext 7-3712. Merchant will be responsible for submitting a contract/agreement to our Legal Office for approval. Merchant will also be responsible for coordinating training with vendor. Note: If approved, the vendor will be required to provide a letter certifying compliance with the PCI DSS regulations. Vendor should be on Visa’s “List of PCI DSS Compliant Service Providers” http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf and /or Visa’s “List of Validated Payment Applications” https://www.pcisecuritystandards.org/security_standards/vpa. Merchants will be responsible for visiting these sites prior to selecting a vendor/software. The contract/agreement with third party vendors must be reviewed by our Legal Office and Division of IT prior to submitting this application to the Controller’s Office. Please attach a copy of the approved contract/agreement to this application. 18. CERTIFICATION: I certify, to the best of my knowledge, that the information on this application and all related documents are true and accurate. I certify that I have read and understood University Policy #1110.025, Payment Card Processing, and that I have reviewed the related information contained therein. In addition, I understand that this certification provides authority to purchase/rent equipment as selected below with a charge to department ID___________________________. ___Terminal/Printer Combo Rental Fee (Dial) - $20/month ___Terminal/Printer Combo Purchase (Dial) - $275 ___PIN Pad Rental Fee - $6/month ___PIN Pad Purchase - $80 I certify that all employees who process and handle payment cardholder information will have a background check performed and will undergo required training. I certify that changes in payment card PCI DSS-001 Application for Payment Card Merchants Rev 3-16-2010 Page 4 processing personnel will be submitted to the Controller’s Office via the Employee Change Form for Merchant Locations. Signature of Department Head or Director ________________________________________________ Printed Name _____________________________ Title _______________________________ Date ____________________________________ Telephone # ________________________ Signature of employee that completed this form ____________________________________________ Printed name _____________________________ Title _______________________________ Date ____________________________________ Telephone # ________________________ Once form has been completed and signed, please submit printed application with all related documents to: Maria E. Alvarez, Administrative Assistant, Controller’s Office, CSC 335. For assistance or questions, please contact Maria E. Alvarez at 7-2662 or alvarezm@fiu.edu. Thank you. ******************************************************************************************************************************************************************** Received by the Controller’s Office on _____________________________ Merchant (Location) Name _____________________________________________________________________________ Reviewed by __________________________________________________ ( ) Approved ( ) Denied Date ______________________________ Reason for denial _________________________________________________ Information Profile sent to bank by _________________________________ Date _______________________________ Merchant #’s assigned ___________________________/___________________________/___________________________ PCI DSS-001 Application for Payment Card Merchants Rev 3-16-2010 Page 5